Java & J2EE JSP
JSP – Cookies Handling
Cookies are text files stored on the client computer, and they are kept for various
information-tracking purposes. JSP transparently supports HTTP cookies using the underlying servlet
technology.
There are three steps involved in identifying returning users:
1. The server script sends a set of cookies to the browser, for example name, age, or identification number.
2. The browser stores this information on the local machine for future use.
3. The next time the browser sends a request to the web server, it sends those cookies to the server, and the server uses that information to identify the user or for some other purpose.
This chapter will teach you how to set or reset cookies, how to access them and how to delete
those using JSP programs.
The Anatomy of a Cookie
Cookies are usually set in an HTTP header (although JavaScript can also set a cookie directly on
a browser). A JSP that sets a cookie might send headers that look something like this:
HTTP/1.1 200 OK
Date: Fri, 04 Feb 2000 21:03:38 GMT
Server: Apache/1.3.9 (UNIX) PHP/4.0b3
Set-Cookie: name=xyz; expires=Friday, 04-Feb-16 22:03:38 GMT;
path=/; domain=tutorialspoint.com
Connection: close
Content-Type: text/html
As you can see, the Set-Cookie header contains a name value pair, a GMT date, a path and a
domain. The name and value will be URL encoded. The expires field is an instruction to the
browser to "forget" the cookie after the given time and date.
If the browser is configured to store cookies, it will then keep this information until the expiry
date. If the user points the browser at any page that matches the path and domain of the cookie, it
will resend the cookie to the server. The browser's headers might look something like this:
GET / HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.6 (X11; I; Linux 2.2.6-15apmac ppc)
Host: zink.demon.co.uk:1126
Accept: image/gif, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: name=xyz
A JSP script will then have access to the cookies through the request method
request.getCookies(), which returns an array of Cookie objects.
Servlet Cookies Methods
Following is the list of useful methods associated with the Cookie object which you can use while
manipulating cookies in JSP:
Setting Cookies with JSP
Setting cookies with JSP involves three steps:
1. Creating a Cookie object: You call the Cookie constructor with a cookie name and a cookie
value, both of which are strings
Cookie cookie = new Cookie("key","value");
Keep in mind, neither the name nor the value should contain white space or any of the following
characters:
[ ] ( ) = , " / ? @ : ;
2. Setting the maximum age: You use setMaxAge to specify how long (in seconds) the cookie
should be valid. Following would set up a cookie for 24 hours.
cookie.setMaxAge(60*60*24);
3. Sending the Cookie into the HTTP response headers: You use response.addCookie to add
cookies in the HTTP response header as follows:
response.addCookie(cookie);
Example: Let us modify our Form Example to set the cookies for first and last name.
<%
// Create cookies for first and last names.
Cookie firstName = new Cookie("first_name",
request.getParameter("first_name"));
Cookie lastName = new Cookie("last_name",
request.getParameter("last_name"));
// Set expiry date after 24 Hrs for both the cookies.
firstName.setMaxAge(60*60*24);
lastName.setMaxAge(60*60*24);
// Add both the cookies in the response header.
response.addCookie( firstName );
response.addCookie( lastName );
%>
<html>
<head>
<title>Setting Cookies</title>
</head>
<body>
<center>
<h1>Setting Cookies</h1>
</center>
<ul>
<li><p><b>First Name:</b>
<%= request.getParameter("first_name")%>
</p></li>
<li><p><b>Last Name:</b>
<%= request.getParameter("last_name")%>
</p></li>
</ul>
</body>
</html>
Let us put above code in main.jsp file and use it in the following HTML page:
<html>
<body>
<form action="main.jsp" method="GET">
First Name: <input type="text" name="first_name">
<br />
Last Name: <input type="text" name="last_name" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
Keep the above HTML content in a file hello.jsp and put hello.jsp and main.jsp in the
<Tomcat-installation-directory>/webapps/ROOT directory. When you access
http://localhost:8080/hello.jsp, here is the actual output of the above form.
First Name :
Last Name :
Try to enter First Name and Last Name and then click the Submit button. This would display the first
name and last name on your screen and at the same time set two cookies, firstName and
lastName, which would be passed back to the server the next time you press the Submit
button.
The next section explains how to access these cookies in your web
application.
Reading Cookies with JSP
To read cookies, you need to create an array of javax.servlet.http.Cookie objects by calling
the getCookies( ) method of HttpServletRequest. Then cycle through the array, and use the
getName() and getValue() methods to access each cookie and its associated value.
Example: Let us read cookies which we have set in previous example:
<html>
<head>
<title>Reading Cookies</title>
</head>
<body>
<center>
<h1>Reading Cookies</h1>
</center>
<%
Cookie cookie = null;
Cookie[] cookies = null;
// Get an array of Cookies associated with this domain
cookies = request.getCookies();
if( cookies != null ){
out.println("<h2> Found Cookies Name and Value</h2>");
for (int i = 0; i < cookies.length; i++){
cookie = cookies[i];
out.print("Name : " + cookie.getName( ) + ", ");
out.print("Value: " + cookie.getValue( )+" <br/>");
}
}else{
out.println("<h2>No cookies founds</h2>");
}
%>
</body>
</html>
Now let us put above code in main.jsp file and try to access it. If you would have set first_name
cookie as "John" and last_name cookie as "Player" then running http://localhost:8080/main.jsp
would display the following result:
Found Cookies Name and Value
Name : first_name, Value: John
Name : last_name, Value: Player
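The setting and reading examples above copy form input straight into a cookie and print request and cookie values into the page as received. The following helper is an added example, not part of the original tutorial: it URL-encodes the value so that it contains none of the disallowed characters, sets the HttpOnly and Secure attributes, and escapes text before output. The package and class names and the 256-character limit are assumptions, and setHttpOnly needs Servlet 3.0 or later.

```java
package example.web; // hypothetical package name

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.http.Cookie;

/** Added example: hypothetical helper, not part of the tutorial's code. */
public final class SafeCookies {
    private static final int MAX_RAW_LENGTH = 256; // assumed limit for a name field

    private SafeCookies() {}

    /** Builds a 24-hour cookie from form input, or returns null if it is unusable. */
    public static Cookie fromFormInput(String name, String raw, boolean https)
            throws UnsupportedEncodingException {
        if (raw == null || raw.isEmpty() || raw.length() > MAX_RAW_LENGTH) {
            return null; // caller skips response.addCookie() in this case
        }
        // URL encoding replaces white space and [ ] ( ) = , " / ? @ : ; in the value.
        Cookie cookie = new Cookie(name, URLEncoder.encode(raw, "UTF-8"));
        cookie.setMaxAge(60 * 60 * 24);
        cookie.setHttpOnly(true); // Servlet 3.0+: not readable through document.cookie
        cookie.setSecure(https);  // pass request.isSecure(): HTTPS-only when set over HTTPS
        return cookie;
    }

    /** Reverses the encoding; returns null for a value the client has mangled. */
    public static String decodeValue(Cookie cookie) throws UnsupportedEncodingException {
        try {
            return URLDecoder.decode(cookie.getValue(), "UTF-8");
        } catch (IllegalArgumentException malformedPercentEscape) {
            return null;
        }
    }

    /** Escapes text before it is written into an HTML page. */
    public static String escapeHtml(String text) {
        if (text == null) return "";
        return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                   .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```

With the class compiled under WEB-INF/classes and imported through a page directive, main.jsp can call SafeCookies.fromFormInput("first_name", request.getParameter("first_name"), request.isSecure()) in place of the direct constructor call, and print values through SafeCookies.escapeHtml(...).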
Delete Cookies with JSP
Deleting cookies is very simple. If you want to delete a cookie, you simply need to follow
these three steps:
1. Read an already existing cookie and store it in a Cookie object.
2. Set the cookie age to zero using the setMaxAge() method to delete the existing cookie.
3. Add this cookie back into the response header.
Example:
The following example would delete an existing cookie named "first_name", and when you
run the main.jsp JSP the next time, it would return a null value for first_name.
<html>
<head>
<title>Reading Cookies</title>
</head>
<body>
<center>
<h1>Reading Cookies</h1>
</center>
<%
Cookie cookie = null;
Cookie[] cookies = null;
// Get an array of Cookies associated with this domain
cookies = request.getCookies();
if( cookies != null ){
out.println("<h2> Found Cookies Name and Value</h2>");
for (int i = 0; i < cookies.length; i++){
cookie = cookies[i];
if((cookie.getName( )).compareTo("first_name") == 0 ){
cookie.setMaxAge(0);
response.addCookie(cookie);
out.print("Deleted cookie: " +
cookie.getName( ) + "<br/>");
}
out.print("Name : " + cookie.getName( ) + ", ");
out.print("Value: " + cookie.getValue( )+" <br/>");
}
}else{
out.println(
"<h2>No cookies founds</h2>");
}
%>
</body>
</html>
Now let us put above code in main.jsp file and try to access it. It would display the following
result:
Cookies Name and Value
Deleted cookie : first_name
Name : first_name, Value: John
Name : last_name, Value: Player
Now try to run http://localhost:8080/main.jsp once again and it should display only one cookie as
follows:
Found Cookies Name and Value
Name : last_name, Value: Player
You can delete your cookies in Internet Explorer manually. Start at the Tools menu and select
Internet Options.
JSP – Session Tracking
HTTP is a "stateless" protocol, which means that each time a client retrieves a Web page, the
client opens a separate connection to the Web server and the server does not automatically keep
any record of previous client requests.
Still, there are the following three ways to maintain a session between web client and web server:
Cookies
A web server can assign a unique session ID as a cookie to each web client, and on subsequent
requests the client can be recognized using the received cookie.
This may not be an effective way because many times the browser does not support a cookie, so I
would not recommend using this procedure to maintain sessions.
Hidden Form Field
A web server can send a hidden HTML form field along with a unique session ID as follows:
<input type="hidden" name="sessionid" value="12345">
This entry means that, when the form is submitted, the specified name and value are
automatically included in the GET or POST data. Each time the web browser sends a request
back, the session_id value can be used to keep track of different web browsers.
This could be an effective way of keeping track of the session, but clicking on a regular
(<A HREF...>) hypertext link does not result in a form submission, so hidden form fields also cannot
support general session tracking.
URL Rewriting
You can append some extra data on the end of each URL that identifies the session, and the
server can associate that session identifier with data it has stored about that session.
For example, with http://tutorialspoint.com/file.htm;sessionid=12345, the session identifier is
attached as sessionid=12345, which can be accessed at the web server to identify the client.
URL rewriting is a better way to maintain sessions and works for browsers when they don't
support cookies, but the drawback is that you would have to generate every URL dynamically to
assign a session ID, even though the page is a simple static HTML page.
The session Object
Apart from the above-mentioned three ways, JSP makes use of the servlet-provided HttpSession
interface, which provides a way to identify a user across more than one page request or visit to a
Web site and to store information about that user.
By default, JSPs have session tracking enabled and a new HttpSession object is instantiated for
each new client automatically. Disabling session tracking requires explicitly turning it off by
setting the page directive session attribute to false as follows:
<%@ page session="false" %>
The JSP engine exposes the HttpSession object to the JSP author through the implicit session
object. Since session object is already provided to the JSP programmer, the programmer can
immediately begin storing and retrieving data from the object without any initialization or
getSession().
Here is a summary of important methods available through session object:
Session Tracking Example
This example describes how to use the HttpSession object to find out the creation time and the
last-accessed time for a session. We would associate a new session with the request if one does
not already exist.
<%@ page import="java.io.*,java.util.*" %>
<%
// Get session creation time.
Date createTime = new Date(session.getCreationTime());
// Get last access time of this web page.
Date lastAccessTime = new Date(session.getLastAccessedTime());
String title = "Welcome Back to my website";
Integer visitCount = new Integer(0);
String visitCountKey = new String("visitCount");
String userIDKey = new String("userID");
String userID = new String("ABCD");
// Check if this is new comer on your web page.
if (session.isNew()){
title = "Welcome to my website";
session.setAttribute(userIDKey, userID);
session.setAttribute(visitCountKey, visitCount);
}
visitCount = (Integer)session.getAttribute(visitCountKey);
visitCount = visitCount + 1;
userID = (String)session.getAttribute(userIDKey);
session.setAttribute(visitCountKey, visitCount);
%>
<html>
<head>
<title>Session Tracking</title>
</head>
<body>
<center>
<h1>Session Tracking</h1>
</center>
<table border="1" align="center">
<tr bgcolor="#949494">
<th>Session info</th>
<th>Value</th>
</tr>
<tr>
<td>id</td>
<td><% out.print( session.getId()); %></td>
</tr>
<tr>
<td>Creation Time</td>
<td><% out.print(createTime); %></td>
</tr>
<tr>
<td>Time of Last Access</td>
<td><% out.print(lastAccessTime); %></td>
</tr>
<tr>
<td>User ID</td>
<td><% out.print(userID); %></td>
</tr>
<tr>
<td>Number of visits</td>
<td><% out.print(visitCount); %></td>
</tr>
</table>
</body>
</html>
Now put above code in main.jsp and try to access http://localhost:8080/main.jsp. It would
display the following result when you would run for the first time:
Welcome to my website
Session Information
Session info          Value
id                    0AE3EC93FF44E3C525B4351B77ABB2D5
Creation Time         Tue Jun 08 17:26:40 GMT+04:00 2010
Time of Last Access   Tue Jun 08 17:26:40 GMT+04:00 2010
User ID               ABCD
Number of visits      0
Deleting Session Data
When you are done with a user's session data, you have several options:
Remove a particular attribute: You can call the public void removeAttribute(String name)
method to delete the value associated with a particular key.
Delete the whole session: You can call the public void invalidate() method to discard an
entire session.
Setting Session timeout: You can call the public void setMaxInactiveInterval(int interval)
method to set the timeout for a session individually.
Log the user out: On servers that support servlets 2.4, you can call logout to log the
client out of the Web server and invalidate all sessions belonging to all the users.
web.xml Configuration: If you are using Tomcat, apart from the above-mentioned methods, you can
configure the session timeout in the web.xml file as follows.
<session-config>
<session-timeout>15</session-timeout>
</session-config>
The timeout is expressed in minutes, and overrides the default timeout, which is 30 minutes in Tomcat.
The getMaxInactiveInterval( ) method in a servlet returns the timeout period for that session in
seconds. So if your
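The removeAttribute, invalidate and setMaxInactiveInterval options listed above, combined with the cookie-deletion steps from the cookies chapter into one sign-out routine. This is an added example, not part of the original tutorial: the package and class names are hypothetical, and the JSESSIONID cookie name with the context path as its path is the Tomcat default, assumed here.

```java
package example.web; // hypothetical package name

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: hypothetical sign-out helper, not part of the tutorial's code. */
public final class SessionCleanup {
    // Default session cookie name in servlet containers such as Tomcat (assumed).
    private static final String SESSION_COOKIE = "JSESSIONID";

    private SessionCleanup() {}

    /** Sets the idle timeout of one session; the servlet API expects seconds. */
    public static void limitIdleTime(HttpSession session, int minutes) {
        session.setMaxInactiveInterval(minutes * 60);
    }

    /** Drops one attribute but keeps the session itself. */
    public static void forgetVisitCount(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // false: do not create one
        if (session != null) {
            session.removeAttribute("visitCount");
        }
    }

    /** Discards the whole session and tells the browser to drop its cookie. */
    public static void signOut(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate(); // server side: every attribute is unbound
        }
        // Client side: the same steps as deleting any cookie. The browser only
        // replaces a cookie whose name and path match the original one.
        Cookie expired = new Cookie(SESSION_COOKIE, "");
        String path = request.getContextPath();
        expired.setPath(path.isEmpty() ? "/" : path);
        expired.setMaxAge(0);
        response.addCookie(expired);
    }
}
```

Calling limitIdleTime(session, 15) gives one session the same 15-minute limit that the web.xml fragment above sets for the whole application.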